14 Jul 2017

The case for inclusive cyber policymaking processes

This article is adapted from a keynote speech by GPD’s executive director, Lea Kaspar, at the I International Workshop on Gender and Cybersecurity: Creating a More Inclusive Digital World v1.0, held in the Auditorio Ciudad de León, and organised by The Spanish National Cybersecurity Institute (INCIBE), in collaboration with the Organisation of American States (OAS).

Governing cyberspace in a way which harnesses its potential, while mitigating its risks, is the key policy challenge of our age.

The digital environment has created unprecedented opportunities for economic and social development for people around the world, including women and girls – for whom it can provide a crucial medium for expression and exploration, especially in contexts where their offline activities are monitored or repressed.  

At the same time, it is important to remember over half of the world’s population still does not have access to the internet. And new digital divides are emerging, not only between countries but within them. The gender gap in internet usage between men and women is staggering; a 2015 Web Foundation report found that, globally, women are 50% less likely to have internet access.

For those who do get online, there are risks – from harassment and hate speech, to violent extremism. Many of these risks disproportionately affect women and girls. One recent study in Australia found that 76% of women under 30 surveyed had experienced some form of abuse or harassment online. Online violence against women is, of course, an expression of the gender discrimination and inequality that exists offline; but online, it can become amplified.

The importance of finding solutions to address this – which can enable a digital environment that is secure and open to innovation, and where our rights can be enjoyed and respected – cannot be overstated.

As the use of ICTs and the internet becomes all but ubiquitous, this task becomes even more urgent.

It’s clear that the challenge in front of us is huge. What do we do about it?

This is where inclusiveness comes in. The 2016 World Bank report on Digital Dividends highlighted the importance of good governance in reaping the benefits of the digital revolution.

At Global Partners Digital, we agree. In over a decade of engaging on digital policy and digital rights issues, we have come to believe that a free, open and secure cyberspace can only be achieved through policymaking processes which are open, inclusive and transparent.

This is not because we accord some intrinsic, objective value to inclusiveness. Our reasoning is intensely practical – it’s because all the evidence shows that inclusive policymaking leads to better policy outcomes, ones which bring us closer to the vision of a free open and secure cyberspace.

Let’s look at a few examples.

At the 2014 ITU Plenipotentiary Conference, one of the top items on the agenda was measures to combat counterfeit devices – a major issue in a lot of developing countries, especially in Africa. The proposal initially tabled on this issue suggested that countries should take “all necessary measures” to combat counterfeiting. In practice, these measures could extend to, for example, a government switching off all counterfeit mobile devices in a given country through local mobile network operators (something which actually happened in Kenya in 2012).

The consensus of the delegates in the negotiation room – mostly regulators from ITU member states – was clearly in favour of this proposal. If the proposal had gone through without revisions, however, it would have had disastrous consequences for human rights. In developing countries, large proportions of citizens rely on counterfeit devices to communicate, learn and organise (in Kenya, for example, the figure is between 9% and 20% of mobile users). Shutting off these devices may have been judged necessary, but it is not proportionate, and could have had severe impacts on the lives of millions of users.

In the end, it was inclusiveness which saved the day. Two of the delegations (UK and Netherlands) were multistakeholder, and civil society voices within those delegations pushed successfully for the introduction of language into the proposal mandating that “user connectivity be taken into account”.

That’s an example of how the inclusion of voices can result in better policy outcomes. But what happens when key stakeholders aren’t included? At a recent conference, a keynote speaker presented his vision of ‘smart cities’ with ubiquitous connectivity, dwelling with particular relish on the possibilities this would generate for law enforcement agencies. When one audience member asked about the privacy implications of such a scheme, the speaker suggested that any such arrangement should be underpinned by the social contract of the community affected.

This approach might sound perfectly reasonable. The problem is this: if you only have security actors in the room, what will that social contract look like? Who in that room will ensure that our future cities are not only ‘smart’, but wise – guided by rights and values, where equality is realised and where tech works for the poor and for women and girls.

Many decisionmakers – including ones that GPD work with – are already convinced of these arguments. The need for inclusive policymaking processes has even been recognised in numerous cybersecurity forums and statements, including in the Chair’s Statement of the Global Conference on CyberSpace (GCCS) held in The Hague in 2015.

Despite this, actually implementing these principles can be a struggle.

In an effort to address this, at GPD, we developed our Framework for multistakeholder cyber policy development. Essentially, it’s a tool which which sets a standard for what it means for a process to be inclusive, and provides a way to measure existing processes to determine how inclusive they are against six benchmarking characteristics: open and accessible; diverse; collaborative; consensus-driven; evidence based; transparent and accountable.

Of course, this isn’t to suggest that there is one ‘right way’ to do inclusive policymaking.

Approaches will always vary, depending on a range of factors: including the nature of the specific policy issue; stage in the policy process; local context; the policy processes and institutional structures already in place; and the capacity and skills base of the actors involved.

But our hope is that the framework will provide a useful starting point to facilitate the development of effective, inclusive cyber policy processes, tailored to local contexts.

We’ve talked about the challenge in front of us – about how greater inclusiveness in cyber policy making could help address it, and what some of its characteristics might look like in practice.

What can we take away from this? There are two things worth emphasising.

First – process matters. Reflect on the characteristics outlined in the framework, and ask questions about the processes you participate in and develop.

And, secondly – as they say in the UK, the proof is in the pudding. The ultimate test of whether we are on the right track is the quality of policy outcomes.

Inclusive processes are not guarantors of gender diversity or equality. But they are an important tool among others that we can use to deal with the challenge.

And, ultimately, they will bring us one step closer to the free, open, and secure cyberspace that benefits us all.